CVE-2021-23968
Published: Feb 26, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report, as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | affected < 86 |
| Mozilla | Thunderbird | affected < 78.8 |
| Mozilla | Firefox ESR | affected < 78.8 |
References
| Reference | Tags |
|---|---|
| https://www.mozilla.org/security/advisories/mfsa2021-07/ | x_refsource_MISC |
| https://www.mozilla.org/security/advisories/mfsa2021-09/ | x_refsource_MISC |
| https://www.mozilla.org/security/advisories/mfsa2021-08/ | x_refsource_MISC |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1687342 | x_refsource_MISC |
| [debian-lts-announce] 20210301 [SECURITY] [DLA 2578-1] thunderbird security update | mailing-list, x_refsource_MLIST |
| DSA-4866 | vendor-advisory, x_refsource_DEBIAN |
| GLSA-202104-10 | vendor-advisory, x_refsource_GENTOO |
| GLSA-202104-09 | vendor-advisory, x_refsource_GENTOO |